[AfrICANN-discuss] Harms and Concerns Posed by NXDOMAIN
Substitution (DNS Wildcard and
Similar Technologies) at Registry Level
annerachel at gmail.com
Wed Nov 25 12:04:22 SAST 2009
Harms and Concerns Posed by NXDOMAIN Substitution (DNS Wildcard and Similar
Technologies) at Registry Level
24 November 2009
the harms and concerns posed by NXDOMAIN substitution (commonly
implemented by the use of DNS wildcard) at the registry level. The paper is
a collection of the findings published by experts on the subject.
On 10 June 2009, the Security and Stability Advisory Committee (SSAC)
published an advisory stating that the redirection and synthesizing of DNS
responses (e.g., DNS wildcard) by TLDs poses a clear and significant danger
to the security and stability of the Domain Name System.
At its public meeting in Sydney in June 2009, the ICANN Board of Directors
resolved that new top-level domains should not use DNS redirection and
synthesizing of DNS responses.
In response to the Board resolution, ICANN staff included a prohibition
against redirection and synthesizing of DNS responses in the draft Registry
Agreement for new gTLDs. ICANN also included a similar commitment as part of
the request for new IDN ccTLDs in the proposed Terms and Conditions and in
the three proposed relationship options between ICANN and the IDN ccTLD
The Board also directed ICANN staff to report on the harms and concerns
posed by the use of redirection and synthesizing of DNS responses;
collectively, NXDOMAIN substitution.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the AfrICANN